Website popup security login on Windows Server 2003 IIS6

I've setup a test website on a sub-domain and now want to setup a popup login, it's just some low security to prevent search engine robots accessing; I've added a disallow directive in robots.txt but don't want to rely on that. How would I best achieve this (on a LAMP server I would use .htaccess).

The control panel is Plesk and that has a Protected Urls section, but I can't seem to add/setup a user. I've seen IISPasswords but I dare not try installing in case it causes any issues as I've never used it before.

I've seen this tutorial which explains how to do this in IIS and explains how to add a user. I can follow this but I'm not sure what rights the user requires, I don't want to compromise the Windows server security just for a low level website login.

At the bottom of the first link it says: "On the Security tab, configure the additional accounts and permissions that are minimally necessary to run the Web site, and then click OK. Some of the accounts listed, such as Administrators and System, are already configured by default."

Any advice please on what minimal permissions are required for a new user account for the purpose of a popup login?